In one of my previous posts, I talked about Phishing and Whaling, and I realised that I haven’t really talked about email itself yet. Email is ubiquitous, it’s everywhere, and yet it’s not that long since we started using it. My first “public” email address was a CompuServe account back in 1995, and I very quickly created an AOL or Hotmail address soon after that. But that’s only just over 20 years ago – and look how far we’ve come since then!
In all that time though, some bad habits have appeared amongst us all, and I thought it would be helpful to highlight a few here. I’m going to assume that you have an active and up-to-date anti-malware program installed on your machine: that’s a pre-requisite before connecting to the internet, in my book.
The first point I’d make is that you should be very careful when opening email. An email from someone you don’t know, attachments you’re not expecting, or hyperlinks (you know, those web addresses which, when you click on them, take you to a website) whose destination you can’t see should all raise little red flags in your head. As a rule of thumb, don’t click on links, don’t open documents and don’t even open the email if they’re unexpected or you don’t know the sender.
Second, don’t just hit Reply To All when responding. There was a news item last year about an email that was inadvertently sent to 800 000 people in the NHS, which was bad enough. The system then crashed under the number of people hitting Reply To All and saying “please stop replying to all”. Unbelievable, right? But it happens, and I’ve seen it at other companies. As a rough rule of thumb, Reply only to the person who sent the mail (and possibly the other people in the To part of the address) if at all possible.
Third, when forwarding mail, look at the message(s) you’re forwarding. Are there lots of other email addresses in the message somewhere? If so – delete them before hitting send. It’s another source of information that hackers can use to gather email addresses to target in phishing campaigns.
When sending a new message, or forwarding a message, think about who you’re sending it to. If you’re sending it to several people, and they don’t know each other, use the BCC (Blind Carbon Copy) feature. This means that none of the recipients will be able to see who else the message was sent to, and it reduces the risk of long lists of email addresses being made available to the bad guys.
At the end of the day, keep things simple, be alert, and for the most part you’ll be OK.